Doubt about OpenSSL library initialization in an HTTP client application

silvioprog
Hello all,

I'm trying to speed up the initialization of a legacy HTTP client application. Debugging that code, I found the following functions being called at each application startup:

  initialization
    SSL_library_init()
    SSL_load_error_strings()
    OpenSSL_add_all_algorithms()
    RAND_screen()

However, the execution of RAND_screen() takes about 3 seconds.

The first idea was commenting out this line, but I don't know if I really can do that. After some "googling" I found someone doing something like this:

  initialization
    SSL_library_init()
    SSL_load_error_strings()
    OpenSSL_add_all_algorithms()
    //RAND_screen()
    unsigned char c;
    RAND_bytes(&c, 1);

Anyway, I don't know if it is really necessary, so I just commented out the RAND_screen() line without adding this call to RAND_bytes().

So I have a question: do I really need to call some function like RAND_* at each application initialization?


--
Silvio Clécio

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: Doubt about OpenSSL library initialization in an HTTP client application

Salz, Rich

What version of openssl are you using?  Current versions do not call RAND_screen or other long-term heap-walking on Windows.

You absolutely *must* properly initialize the random number generator.  If you fail to do that, attackers can guess the keys that you use.  You will be providing only the illusion of security.

Please pass this along to that other app.  What it, and you, are doing is horrible.

-- 
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: [hidden email] Twitter: RichSalz



Re: Doubt about OpenSSL library initialization in an HTTP client application

Jeffrey Walton-3
In reply to this post by silvioprog
> I'm trying to speed up the initialization of a legacy HTTP client
> application. Debugging that code, I found the following functions being
> called each application startup:
>
>   initialization
>     SSL_library_init()
>     SSL_load_error_strings()
>     OpenSSL_add_all_algorithms()
>     RAND_screen()
>
> however, the execution of RAND_screen()  spends about 3 seconds.

Also see https://wiki.openssl.org/index.php/Library_Initialization and
https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues.

The short of it is, you should stop relying on auto-initialization of
the RNG, and seed it yourself with a call to `RAND_add`.

Jeff

Re: Doubt about OpenSSL library initialization in an HTTP client application

silvioprog
In reply to this post by Salz, Rich
Thanks for replying!

I found two libraries in the application's directory: libeay32.dll and ssleay32.dll, both with file version 0.9.8.14 and product version 0.9.8n.

I totally agree about properly initializing the random number generator, however I don't know how to do that yet. That code I'm using is a third party Pascal binding for the OpenSSL C library, and I've noticed that many other packages were based on that implementation too (eg: https://github.com/graemeg/freepascal/blob/master/packages/openssl/src/openssl.pas#L4442 - it seems based on an old LibOpenSsl version).

The application I'm fixing uses the same file as the link above, and I can edit it without problems. I removed the line RAND_screen and now the application initializes fast, but I'm not sure if it will make my application vulnerable.

If I manage to solve it, I will try to share a patch with the authors of these bindings.

On Sat, Dec 3, 2016 at 2:34 PM, Salz, Rich <[hidden email]> wrote:
> What version of openssl are you using?  Current versions do not call RAND_screen or other long-term heap-walking on Windows.
>
> You absolutely *must* properly initialize the random number generator.  If you fail to do that, attackers can guess the keys that you use.  You will be providing only the illusion of security.
>
> Please pass this along to that other app.  What it, and you, are doing is horrible.
>
> -- 
> Senior Architect, Akamai Technologies
> Member, OpenSSL Dev Team
> IM: [hidden email] Twitter: RichSalz


--
Silvio Clécio


Re: Doubt about OpenSSL library initialization in an HTTP client application

silvioprog
In reply to this post by Jeffrey Walton-3
Thanks for sharing the links, I'm going to check them.

The original code calls RAND_screen() only once in the app initialization, so can I replace it with RAND_add()? (I'm a newbie to SSL)

I've noticed the application is just an HTTP client consuming some web services via HTTPS. It doesn't explicitly call any OpenSSL random function, so I think it uses the default OpenSSL configurations.

On Sat, Dec 3, 2016 at 3:42 PM, Jeffrey Walton <[hidden email]> wrote:
> [...]
> Also see https://wiki.openssl.org/index.php/Library_Initialization and
> https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues.
>
> The short of it is, you should stop relying on auto-initialization of
> the RNG, and seed it yourself with a call to `RAND_add`.
>
> Jeff

--
Silvio Clécio


Re: Doubt about OpenSSL library initialization in an HTTP client application

silvioprog
Finally I think I solved this problem! :-)

This is the patch I'm going to send to the `ssl_openssl_lib` authors: http://pastebin.com/VgSpnwxB .

In short, I just removed the RAND_screen() call, generated a random buffer using RAND_bytes() (based on https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding via RAND_add().

Thanks a lot for the help, dudes! :-)

On Sun, Dec 4, 2016 at 12:01 AM, silvioprog <[hidden email]> wrote:
> Thanks for sharing the links, I'm going to check them.
>
> The original code calls RAND_screen() only once in the app initialization, so can I replace it with RAND_add()? (I'm a newbie to SSL)
>
> I've noticed the application is just an HTTP client consuming some web services via HTTPS. It doesn't explicitly call any OpenSSL random function, so I think it uses the default OpenSSL configurations.
>
> On Sat, Dec 3, 2016 at 3:42 PM, Jeffrey Walton <[hidden email]> wrote:
> > [...]
> > Also see https://wiki.openssl.org/index.php/Library_Initialization and
> > https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues.
> >
> > The short of it is, you should stop relying on auto-initialization of
> > the RNG, and seed it yourself with a call to `RAND_add`.
> >
> > Jeff

--
Silvio Clécio


Re: Doubt about OpenSSL library initialization in an HTTP client application

silvioprog
Oops,

I meant:

"In short, I just replaced the RAND_screen() call with RAND_poll(), generated a random buffer using RAND_bytes() (based on https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding it via RAND_add()"

On Mon, Dec 12, 2016 at 2:46 PM, silvioprog <[hidden email]> wrote:
> [...]
> In short, I just removed the RAND_screen() call, generated a random buffer using RAND_bytes() (based on https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding via RAND_add().

--
Silvio Clécio


Re: Doubt about OpenSSL library initialization in an HTTP client application

Salz, Rich
> "In short, I just replaced the RAND_screen() call with RAND_poll(), generated a random buffer using RAND_bytes() (based on https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding it via RAND_add()"

You fed RAND_bytes output back into RAND_add?  That's silly.

Re: Doubt about OpenSSL library initialization in an HTTP client application

silvioprog
On Mon, Dec 12, 2016 at 3:04 PM, Salz, Rich <[hidden email]> wrote:
> > "In short, I just replaced the RAND_screen() call with RAND_poll(), generated a random buffer using RAND_bytes() (based on https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding it via RAND_add()"
>
> You fed RAND_bytes output back into RAND_add?  That's silly.

Yes. Is it unnecessary? My steps are:

...
- RAND_scree()
+ RAND_poll()
+ RAND_bytes(buf, 128);
+ RAND_add(buf, length(buf), length(buf));
...
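
Review bot: the two added lines `RAND_bytes(buf, 128)` and `RAND_add(buf, length(buf), length(buf))` feed the PRNG's own output back into it and, through the third argument of `RAND_add`, credit it with length(buf) bytes of entropy, although those bytes carry nothing the pool did not already have. Keep only the added `RAND_poll()` line, check its return value (1 on success), and drop the other two. The removed line is also spelled `RAND_scree()`, which will not match the `RAND_screen()` call in the source.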

(I noticed I sent the wrong patch; the correct one declares the RAND_bytes func ^^' )

--
Silvio Clécio


Re: Doubt about OpenSSL library initialization in an HTTP client application

Salz, Rich
> > You fed RAND_bytes output back into RAND_add?  That's silly.

> Yes. Is it unnecessary? My steps are:

It is a bad idea.  It is pointless.  Don't do it.



Re: Doubt about OpenSSL library initialization in an HTTP client application

silvioprog
On Mon, Dec 12, 2016 at 3:28 PM, Salz, Rich <[hidden email]> wrote:
> > > You fed RAND_bytes output back into RAND_add?  That's silly.
> > Yes. Is it unnecessary? My steps are:
>
> It is a bad idea.  It is pointless.  Don't do it.

So what is the correct way, 1 or 2?

1)

RAND_poll()
/* RAND_bytes is unnecessary */
/* RAND_add is unnecessary */

2)

RAND_poll()
RAND_bytes(buf, 128);
/* RAND_add is unnecessary */

:-S 

--
Silvio Clécio


Re: Doubt about OpenSSL library initialization in an HTTP client application

silvioprog
On Mon, Dec 12, 2016 at 3:33 PM, silvioprog <[hidden email]> wrote:
> [...]
> So what is the correct way, 1 or 2?

*"which is ..."

--
Silvio Clécio


Re: Doubt about OpenSSL library initialization in an HTTP client application

Salz, Rich
In reply to this post by silvioprog

Seed the RNG, via RAND_poll.  When or if you need random bytes, call RAND_bytes.  If you just need crypto keys, call the appropriate keygen API.

Done.



Re: Doubt about OpenSSL library initialization in an HTTP client application

Jeffrey Walton-3
In reply to this post by silvioprog
> So what is the correct way, 1 or 2?
>
> 1)
>
> RAND_poll()
> /* RAND_bytes is unnecessary */
> /* RAND_add is unnecessary */
>
> 2)
>
> RAND_poll()
> RAND_bytes(buf, 128);
> /* RAND_add is unnecessary */

On Windows, you call CryptGenRandom to obtain your seed for the
OpenSSL PRNG. On Linux, you use one of the random devices, like
/dev/srandom, /dev/random, or /dev/urandom.

Windows Phone and Windows Store apps add a twist, like requiring calls
to BCryptGenRandom. There's no way to write portable code when you
factor in Windows Phone and Windows Store. It will be a #define mess.

Jeff
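
Added example (not from the thread and not OpenSSL's own code): the order of operations the two replies above describe, written against Python's `ssl` module, which wraps the same OpenSSL `RAND_status`, `RAND_add` and `RAND_bytes` calls but does not expose `RAND_poll`, so `os.urandom` stands in as the OS entropy source. `ensure_seeded`, `random_bytes`, `RngNotSeeded` and `SEED_LEN` are names made up for this example.

```python
import os
import ssl

SEED_LEN = 32  # bytes of OS entropy to mix in (assumed size, 256 bits)


class RngNotSeeded(RuntimeError):
    """OpenSSL's PRNG still reports 'not seeded' after seeding."""


def ensure_seeded(status=ssl.RAND_status, add=ssl.RAND_add, os_random=os.urandom):
    """Seed OpenSSL's PRNG from the OS only if it is not seeded yet.

    Returns True when seeding was needed, False when it already was.
    The three parameters exist so the unseeded path can be exercised
    with stand-ins; by default they are the real ssl/os functions.
    """
    if status():
        return False
    # Fresh entropy must come from outside the PRNG: os.urandom() reads the
    # OS CSPRNG (the system crypto API on Windows, getrandom() or
    # /dev/urandom on Linux). RAND_bytes() output fed to RAND_add() adds none.
    seed = os_random(SEED_LEN)
    add(seed, float(len(seed)))  # second argument: entropy estimate in bytes
    if not status():
        raise RngNotSeeded("OpenSSL PRNG not seeded; refusing to continue")
    return True


def random_bytes(n):
    """Return n bytes from OpenSSL's PRNG, failing closed if unseeded."""
    ensure_seeded()
    return ssl.RAND_bytes(n)


if __name__ == "__main__":
    print("seeding needed:", ensure_seeded())
    print("nonce:", random_bytes(16).hex())
```
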

Re: Doubt about OpenSSL library initialization in an HTTP client application

silvioprog
On Mon, Dec 12, 2016 at 3:53 PM, Jeffrey Walton <[hidden email]> wrote:
> > So what is the correct way, 1 or 2?
> >
> > 1)
> >
> > RAND_poll()
> > /* RAND_bytes is unnecessary */
> > /* RAND_add is unnecessary */
> >
> > 2)
> >
> > RAND_poll()
> > RAND_bytes(buf, 128);
> > /* RAND_add is unnecessary */
>
> On Windows, you call CryptGenRandom to obtain your seed for the
> OpenSSL PRNG. On Linux, you use one of the random devices, like
> /dev/srandom, /dev/random, or /dev/urandom.
>
> Windows Phone and Windows Store apps add a twist, like requiring calls
> to BCryptGenRandom. There's no way to write portable code when you
> factor in Windows Phone and Windows Store. It will be a #define mess.
>
> Jeff

Perfect! So I just need to call RAND_poll(), because it seems to already choose those funcs above. :-)


